5 Replies Latest reply on Jul 25, 2007 12:30 PM by tufla

    Error trying to access resource in CMSAdmin

    tufla

      Hello to all !

      I'm working on JbossPortal 2.6.0-CR3

      I've uploaded some directories and files to CMS root (siblings of default directory) trough CMS Admin.

      I can entry to modify the files into default directory, but, when I try to entry to my directories is generated an exception.

      These are the security policies defined into

      jboss-portal.sar/portal-cms.sar/META-INF/jboss-service.xml

       <!-- ACL Security Interceptor -->
       <mbean
       code="org.jboss.portal.cms.impl.interceptors.ACLInterceptor"
       name="portal:service=Interceptor,type=Cms,name=ACL"
       xmbean-dd=""
       xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
       <xmbean/>
       <attribute name="JNDIName">java:/portal/cms/ACLInterceptor</attribute>
       <attribute name="CmsSessionFactory">java:/portal/cms/CMSSessionFactory</attribute>
       <attribute name="IdentitySessionFactory">java:/portal/IdentitySessionFactory</attribute>
       <attribute name="DefaultPolicy">
       <![CDATA[
       <policy>
       <!-- permissions on the root cms node -->
       <criteria name="path" value="/">
       <permission name="cms" action="read">
       <role name="Anonymous"/>
       </permission>
       <permission name="cms" action="write">
       <role name="User"/>
       </permission>
       <permission name="cms" action="manage">
       <role name="Admin"/>
       </permission>
       </criteria>
       <!-- permissions on the default cms node -->
       <criteria name="path" value="/default">
       <permission name="cms" action="read">
       <role name="Anonymous"/>
       </permission>
       <permission name="cms" action="write">
       <role name="User"/>
       </permission>
       <permission name="cms" action="manage">
       <role name="Admin"/>
       </permission>
       </criteria>
       <!-- permissions on the default cms node -->
       <criteria name="path" value="/MY_DIRECTORY">
       <permission name="cms" action="read">
       <role name="Anonymous"/>
       </permission>
       <permission name="cms" action="write">
       <role name="User"/>
       </permission>
       <permission name="cms" action="manage">
       <role name="Admin"/>
       </permission>
       </criteria>
       <!-- permissions on the private/protected node -->
       <criteria name="path" value="/default/private">
       <permission name="cms" action="manage">
       <role name="Admin"/>
       </permission>
       </criteria>
       </policy>
       ]]>
       </attribute>
       <depends optional-attribute-name="AuthorizationManager" proxy-type="attribute">
       portal:service=AuthorizationManager,type=cms
       </depends>
       <depends>portal:service=Hibernate,type=CMS</depends>
       <depends>portal:service=Module,type=IdentityServiceController</depends>
       </mbean>
      


      Please help me, I need to solve this asap...

      Thanks in advance !

      Below is the exception presented:

      An error occured
      
      
      ERROR
      Cause: javax.portlet.PortletException: Access to this resource is denied
      Message: Access to this resource is denied
      StackTrace:
      
      javax.portlet.PortletException: Access to this resource is denied
       at org.jboss.portal.core.cms.ui.admin.CMSAdminPortlet.doView(CMSAdminPortlet.java:176)
       at org.jboss.portlet.JBossPortlet.doDispatch(JBossPortlet.java:242)
       at org.jboss.portlet.JBossPortlet.render(JBossPortlet.java:229)
       at org.jboss.portlet.JBossPortlet.render(JBossPortlet.java:366)
       at org.jboss.portal.portlet.impl.jsr168.PortletContainerImpl.invokeRender(PortletContainerImpl.java:483)
       at org.jboss.portal.portlet.impl.jsr168.PortletContainerImpl.dispatch(PortletContainerImpl.java:405)
       at org.jboss.portal.portlet.container.PortletContainerInvoker$1.invoke(PortletContainerInvoker.java:86)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
       at org.jboss.portal.core.aspects.portlet.TransactionInterceptor.org$jboss$portal$core$aspects$portlet$TransactionInterceptor$invokeRequired$aop(TransactionInterceptor.java:106)
       at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeRequired_9103964459766407072.invokeNext(TransactionInterceptor$invokeRequired_9103964459766407072.java)
       at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
       at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195)
       at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeRequired_9103964459766407072.invokeNext(TransactionInterceptor$invokeRequired_9103964459766407072.java)
       at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
       at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195)
       at org.jboss.portal.core.aspects.portlet.TransactionInterceptor$invokeRequired_9103964459766407072.invokeNext(TransactionInterceptor$invokeRequired_9103964459766407072.java)
       at org.jboss.portal.core.aspects.portlet.TransactionInterceptor.invokeRequired(TransactionInterceptor.java)
       at org.jboss.portal.core.aspects.portlet.TransactionInterceptor.invoke(TransactionInterceptor.java:72)
       at org.jboss.portal.portlet.invocation.PortletInterceptor.invoke(PortletInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.portlet.HeaderInterceptor.invoke(HeaderInterceptor.java:50)
       at org.jboss.portal.portlet.invocation.PortletInterceptor.invoke(PortletInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.portlet.aspects.portlet.ProducerCacheInterceptor.invoke(ProducerCacheInterceptor.java:58)
       at org.jboss.portal.portlet.invocation.PortletInterceptor.invoke(PortletInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
      ...
      


        • 1. Re: Error trying to access resource in CMSAdmin
          soshah

          tufla-

          The security policy of the CMS Admin tool should not be set using the jboss-service.xml file.

          That policy specified in this file is only used to generate the security policy the first time the portal is created and serves as *boot* policy.


          The security policy should be set via the CMS Admin tool using the "Secure Node" functionality provided in the "Actions" menu bar

          Thanks

          • 2. Re: Error trying to access resource in CMSAdmin
            tufla

            Thank you for your answer Sohil...

            I thought in that way...The security policies that I can view trough "Secure" action for node: / are the same defined into the jboss-service.xml for the same path. So, I think that it's right.

            But, I cannot access to "Secure" action for my directory, because the exception appears when I try to entry in it.

            So, what can I do ??

            • 3. Re: Error trying to access resource in CMSAdmin
              soshah

              tufla-

              To setup security policy just login as the "admin' user.

              Once the policy is setup for the respective users/roles, then logout and re-login as those users and test it out.

              the original 'admin' user is treated as the root and has permission to perform all functions including setting up security policies on nodes. Hence, make sure 'admin' password is properly secured

              See here for more details: http://wiki.jboss.org/wiki/Wiki.jsp?page=CMS_Security on the semantics of permissions that can be setup on the CMS resources

              Thanks

              • 4. Re: Error trying to access resource in CMSAdmin
                tufla

                Sohil, I'm trying to do the changes with an admin user, but not with the original (that user was deleted :s), could be this the problem ?

                How could I recovery the original admin, or "grant me" the permissions to be treated as the root ??

                Thank you.

                • 5. Re: Error trying to access resource in CMSAdmin
                  tufla

                  I've created again a user called "admin" and the problem was fixed with this user...

                  But I don't understand why happen that...

                  Thank you by your help Sohil !!!